Disabling Web Services in ESXi

Duncan posted this one this evening.

To add to his post: there is a way to “hide” the web service, or at least its front page.

In ESXi, the configuration file responsible for all this is /etc/vmware/hostd/proxy.xml:

<ConfigRoot>  
  <EndpointList>  
    <length>10</length>  
    <type>vim.ProxyService.EndpointSpec[]</type>  
    <e id="0">  
      <type>vim.ProxyService.LocalServiceSpec</type>  
      <accessMode>httpsWithRedirect</accessMode>  
      <port>8309</port>  
      <serverNamespace>/</serverNamespace>  
    </e>  
    <e id="1">  
      <type>vim.ProxyService.LocalServiceSpec</type>  
      <accessMode>httpsWithRedirect</accessMode>  
      <port>8307</port>  
      <serverNamespace>/sdk</serverNamespace>  
    </e>  
    <e id="2">  
      <type>vim.ProxyService.LocalServiceSpec</type>  
      <accessMode>httpsWithRedirect</accessMode>  
      <port>8308</port>  
      <serverNamespace>/ui</serverNamespace>  
    </e>  
    <e id="3">  
      <type>vim.ProxyService.NamedPipeServiceSpec</type>  
      <accessMode>httpsOnly</accessMode>  
      <pipeName>/var/run/vmware/proxy-vpxa</pipeName>  
      <serverNamespace>/vpxa</serverNamespace>  
    </e>  
    <e id="4">  
      <type>vim.ProxyService.NamedPipeServiceSpec</type>  
      <accessMode>httpsWithRedirect</accessMode>  
      <pipeName>/var/run/vmware/proxy-mob</pipeName>  
      <serverNamespace>/mob</serverNamespace>  
    </e>  
    <e id="5">  
      <type>vim.ProxyService.LocalServiceSpec</type>  
      <!-- Use this mode for "secure" deployment -->  
      <accessMode>httpsWithRedirect</accessMode>  
      <!-- Use this mode for "insecure" deployment -->  
      <!-- <accessMode>httpAndHttps</accessMode> -->  
      <port>8889</port>  
      <serverNamespace>/wsman</serverNamespace>  
    </e>  
    <!-- Needed because old versions of the VI client access  
         the clients.xml file over Http for upgrade -->  
    <e id="6">  
      <type>vim.ProxyService.LocalServiceSpec</type>  
      <accessMode>httpAndHttps</accessMode>  
      <port>8309</port>  
      <serverNamespace>/client/clients.xml</serverNamespace>  
    </e>  
     <e id="7">  
      <type>vim.ProxyService.NamedPipeTunnelSpec</type>  
      <serverNamespace>/sdkTunnel</serverNamespace>  
      <accessMode>httpOnly</accessMode>  
      <pipeName>/var/run/vmware/proxy-sdk-tunnel</pipeName>  
     </e>  
    <e id="8">  
      <type>vim.ProxyService.LocalServiceSpec</type>  
      <accessMode>httpAndHttps</accessMode>  
      <port>12001</port>  
      <serverNamespace>/ha-nfc</serverNamespace>  
    </e>  
    <e id="9">  
      <type>vim.ProxyService.LocalServiceSpec</type>  
      <accessMode>httpAndHttps</accessMode>  
      <port>12000</port>  
      <serverNamespace>/nfc</serverNamespace>  
    </e>  
  </EndpointList>  
</ConfigRoot>

The part we are interested in is this

   <e id="0">  
      <type>vim.ProxyService.LocalServiceSpec</type>  
      <accessMode>httpsWithRedirect</accessMode>  
      <port>8309</port>  
      <serverNamespace>/</serverNamespace>  
   </e>  

To mask the web page, all you need to do is change the port number in the config file; the page will then come up blank.

    <e id="0">  
      <type>vim.ProxyService.LocalServiceSpec</type>  
      <accessMode>httpsWithRedirect</accessMode>  
      <port>8499</port>  
      <serverNamespace>/</serverNamespace>  
    </e>

    <!--e id="4">  
      <type>vim.ProxyService.NamedPipeServiceSpec</type>  
      <accessMode>httpsWithRedirect</accessMode>  
      <pipeName>/var/run/vmware/proxy-mob</pipeName>  
      <serverNamespace>/mob</serverNamespace>  
    </e-->

    <e id="6">  
      <type>vim.ProxyService.LocalServiceSpec</type>  
      <accessMode>httpAndHttps</accessMode>  
      <port>8399</port>  
      <serverNamespace>/client/clients.xml</serverNamespace>  
    </e>  

In the same way, you can mask any of the other services you like (mob, etc.).

Restart the services on the Host with

/sbin/services.sh restart
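
To confirm that an edit did what was intended, the following added example (not from the original post) parses two copies of proxy.xml, reports which namespaces were removed or pointed at a different port, and lists the namespaces whose accessMode still permits plain HTTP. The sample configurations are constructed from three entries of the listing above; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# accessMode values from the page's listing that still answer over plain HTTP
PLAINTEXT_MODES = {"httpAndHttps", "httpOnly"}

def parse_endpoints(xml_text):
    """Map serverNamespace -> settings for every active <e> entry.
    The parser drops XML comments, so commented-out entries do not appear."""
    endpoints = {}
    for e in ET.fromstring(xml_text).iter("e"):
        endpoints[e.findtext("serverNamespace")] = {
            "accessMode": e.findtext("accessMode"),
            # LocalServiceSpec entries carry <port>, pipe entries <pipeName>
            "target": e.findtext("port") or e.findtext("pipeName"),
        }
    return endpoints

def diff_endpoints(before, after):
    """Return (removed namespaces, {namespace: (old target, new target)})."""
    removed = sorted(ns for ns in before if ns not in after)
    retargeted = {ns: (before[ns]["target"], after[ns]["target"])
                  for ns in before
                  if ns in after and before[ns]["target"] != after[ns]["target"]}
    return removed, retargeted

def plaintext_namespaces(endpoints):
    """Namespaces whose accessMode still permits unencrypted HTTP."""
    return sorted(ns for ns, ep in endpoints.items()
                  if ep["accessMode"] in PLAINTEXT_MODES)

def _entry(i, mode, ns, port=None, pipe=None):
    """Build one <e> element for the constructed samples below."""
    kind = "LocalServiceSpec" if port else "NamedPipeServiceSpec"
    target = f"<port>{port}</port>" if port else f"<pipeName>{pipe}</pipeName>"
    return (f'<e id="{i}"><type>vim.ProxyService.{kind}</type><accessMode>{mode}'
            f"</accessMode>{target}<serverNamespace>{ns}</serverNamespace></e>")

def _config(entries):
    return "<ConfigRoot><EndpointList>" + "".join(entries) + "</EndpointList></ConfigRoot>"

MOB = _entry(4, "httpsWithRedirect", "/mob", pipe="/var/run/vmware/proxy-mob")
# Constructed samples: three entries from the page's listing, before and after the edit
BEFORE = _config([_entry(0, "httpsWithRedirect", "/", port=8309), MOB,
                  _entry(6, "httpAndHttps", "/client/clients.xml", port=8309)])
AFTER = _config([_entry(0, "httpsWithRedirect", "/", port=8499), f"<!-- {MOB} -->",
                 _entry(6, "httpAndHttps", "/client/clients.xml", port=8399)])

if __name__ == "__main__":
    old, new = parse_endpoints(BEFORE), parse_endpoints(AFTER)
    print(diff_endpoints(old, new), plaintext_namespaces(new))
```

On a host, pass in the contents of /etc/vmware/hostd/proxy.xml and of a backup copy taken before the edit instead of the constructed samples.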

Before (screenshots: Main Page, xml, client, mob)

And after (screenshots: Main Page, xml, VI client, mob)

Update: William Lam also posted a 3rd method that did not need going into the unsupported Dropbear console. Well worth a read!!